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II. CLAIM AMENDMENTS 

1. (Currently Amended) Authentication method for authenticating a mobile node to a 
packet data network, comprising the steps of: 

providing the mobile node with a mobile node identity and a shared secret specific to 
the mobile node identity and usable by a telecommunications network; 

providing the mobile node with a protection code; 

sending the mobile node Identity and the protection code from the mobile node to 
the packet data network; 

providing the packet data network with authentication Information usable by the 
telecommunications network, the authentication information comprising a 
challenge based on RAND codes o f at least two authentiratlon triolets of the 
telecommunications network, and a session secret corresponding to the mobile 
node Identity and derivable using the challenge and the shared secret; 

forming cryptographic Information using at least the protection code and the session 

sending the challenge and the cryptographic information from the packet data 
network to the mobile node; 

checking at the mobile node the validity of the cr/ptographic information using the 
challenge and the shared secret; 

generating at the mobile node the session secret and a first response corresponding 
to ttte challenge, based on the shared secret; 

sending the first response to the packet data network; and 
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checking the first response for authenticating the mobile node. 

2. (Original) Method according to claim 1 further comprising the steps of: 

providing the mobile node with a subscriber identity for the telecommunications 
network; and 

forming from the subscriber identity a Network Access Identifier as the mobile node 
identity by the mobile node. 

3. (Original) IMethod according to claim 1 further comprising the step of recognising 
the telecommunications network at the packet data network directly from the mobile 
node identity. 

4. (Previously Presented) Method according to claim 1, further comprising the step 
of providing the packet data network with a shared session key based on the session 
secret. 

5. (Original) Method according to claim 1, further comprising the step of providing a 
communications link between the packet data network and the mobile node for 
communicating the challenge between them, the communications link not being a link of 
the telecommunications network. 

6. (Original) Method according to claim 1, further comprising the step of using a 
Subscriber Identity Module for the providing the mobile node vwth a mobile node identity 
and the generating of the session secret based on a shared secret specific for the mobile 
node identity. 
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7. (Original) Method according to claim 6, wherein the step of providing the mobile 
node with the mobile node Identity and the shared secret specific for the mobile node 
identity further comprises the sub-steps of: 

forming a local connection between the mobile node and a subscriber identity 
module; and 

receiving from the subscriber identity module to the mobile node the mobile node 
identity and a session secret specific to the mobile node identity, 

8. (Original) Method according to claim I, further comprising the steps of: 
obtaining a second response by the telecommunications network; and 
using the second response in the checking the first response. 

9. (Previously Presented) Method according to claim 1, furt:her comprising the step 
of sending the challenge from the telecommunications network to the mobile node via 
the packet data network. 

10. (Original) Method according to claim I, wherein the protection code is based on 
time. 

11. (Cancelled) 
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12. (Previously Presented) Method according to claim 1, further comprising the step 
of generating a shared session Icey for Internet Key Exchange, wherein the shared 
session key is based on the session secret and the challenge. 



13- (Currently Amended) Authentication method in a mobile node for authenticating a 
mobile node to a packet data network, comprising the steps of: 

providing the mobile node with a mobile node identity and a shared secret spedfic to 
the mobile node identity and usable by a telecommunications network; 

providing the mobile node with a protection code; 

sending the mobile node identity and the protection code to the packet data 
network; 

receiving a challenge based on RAND codes of at least two authentication triplets of 
the telecommunication-^ network, and cryptographic information from the packet 
data network; 

checking the validity of the cryptographic information using the challenge and the 
shared secret; 

generating a session secret and a first response corresponding to the challenge, 
based on the shared secret; and 

sending the first response to the packet data network. 



14. (Withdrawn) Method for communicating between a packet data network and a 
mobile node having an access to a subscriber identity of a mobile telecommunication 
networi<, comprising the steps of: 
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providing a mobile node with a subscriber identity for the telecommunications 
networic; and 

forming, by the mobile node, of the subscriber Identity a Network Access Identifier as 
a mobile node identity for use by the packet data network, 

15. (Currently Amended) A network entity for acting as an interface between a packet 
data network and a telecommunications network having an access to an authentication 
setver, the gateway comprising: 

an input for receiving a mobile node identity and a protection code from the packet 
data network; 

an output for providing the authentication server with the mobile node identity; 

an input for receiving a challenge and a session secret corresponding to the mobile 
node identity from the authentication server; 

a first processor for forming cryptographic information using at least the protection 
code and the session secret; 

an output for providing the packet data network witti the challenge and the 
cryptographic information for further transmission to a mobile node; 

an input for receiving a first response corresponding to the challenge, based on a 
shared secret specific to the subscriber identity and known by the mobile node 
and the telecommunications network, from the mobile node via the packet data 
network; and 
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a second processor for verifying the first response for authenticating the mobile 
node , and 

whyein the network entity Is configured to receive least two rhall^ng p^t 
correspondino to the mnhifp node identity fr om the authentication seivpr, to ff^rm 
the cryptographic information based on the at lea^st two received rhaH enQes and 
tp..output the at least two re ceived challenges and the rrvptooraphir information 
for further trRnsmtssion to the mobile node. 



16. (Withdrawn) Gateway for acting as an interface between a packet data network 
and a telecommunications network having an access to an authentication server, the 
gateway comprising: 

a first Input for receiving a Network Access Identifier from the packet data networic; 

a processor for forming a subscriber identity suitable for use In the 
telecommunications network from the Networic Access Identifier; 

a first output for providing the telecommunications network with the subscriber 
identity; 

a first input for receiving from the authentication server a challenge and a session 
secret corresponding to the challenge and to the subscriber identity; and 

a second output for providing the packet data network with the challenge. 



17. (Cancelled) 

18. (Cancelled) 

19. (Cancelled) 
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20. (Currently Amended) Computer program product for controlling a mobile node for 
authenticating the mobile node to a packet data network comprising: 

computer executable code to enable the mobile node to obtain a mobile node identity 
and a shared secret specific to the mobile node identity and usable by a 
telecommunications network; 

computer executable code to enable the mobile node to obtain a protection code; 

computer executable code to enable the mobile node to send the mobile node 
identity and the protection code to the packet data network; 

computer executable code to enable the mobile node to receive a challenge based on 
RAND codes of at least two authentication triplets of the telecommunications 
netwprk, and cryptographic information from the packet data network; 

computer executable code to enable the mobile node to check the validity of the 
cryptographic information using the challenge and the shared secret; 

computer executable code to enable the mobile node to generate a session secret 
and a first response corresponding to the challenge, based on the shared secret; 
and 

computer executable code to enable the mobile node to send the first response to 
the packet data network. 



21. (Withdrawn) Computer program product for controlling a mobile node to 
communicate with a packet data network, mobile node having an access to a subscriber 
identity usable by telecommunications network, the computer program product 
comprising: 
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computer executable code to enable the mobile node to provide a mobile node with 
the subscriber identity; and 

computer executable code to enable the mobile node to form a Network Access 
Identifier of the subscriber identity as a mobile node identity for use by the 
packet data network. 

22. (Original) Memory medium containing a computer program product according to 
claim 20. 

23. (Previously Presented) A network entity according to claim 15 further comprising: 

an output for providing the mobile node with a subscriber identity (IMSI) for the 
telecommunications network; and 

a processor for forming from the subscriber identity a Network Access Identifier 
(NAI) as the mobile node identity by the irwbile node. 

24. (Cancelled) 

25. (Previously Presented) A network entity according to claim 15 further configured 
to generate a shared ses^on key for Internet Key Exchange, wherein the shared session 
key is based on at least one session secret and at least one challenge. 

26. (Previously Presented) The network entity of claim 15 wherein the network entity 
comprises a gateway. 
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27. (Previously Presented) The communication system of claim 17 wherein the mobile 
node is integrated with a mobile station and a terminal part provides the subscriber 
identity and shared secret to the mobile node and mobile station. 

28. (Currently Amended) A method of authenticating a mobile node for a packet data 
network using a telecommunications network, comprising the steps of: storing a mobile 
node identity and a shared secret specific to the mobHe node Identity and usable by a 
telecommunications network; 

generating a protection code; 

sending the mobile node identity and the protection code to the packet data 
network; 

receiving a challenge based on RAND codes of at least two authentication triolefrs nf 
the telecommunications network^ and cryptographic information from the packet 
data network; 

checking the validity of the cryptographic information using the challenge and the 
shared secret; 

generating a session secret and a first response corresponding to the challenge, 
based on the shared secret; and 

sending the first response to the packet data network. 

29. (Cancelled) 

30. (Cancelled) 
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